nix-super/src/libstore/sandbox-minimal.sb

mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-09-21 08:58:04 +03:00
(allow default)

; Disallow creating setuid/setgid binaries, since that
; would allow breaking build user isolation.
(deny file-write-setugid)
Always use the Darwin sandbox Even with "build-use-sandbox = false", we now use sandboxing with a permissive profile that allows everything except the creation of setuid/setgid binaries. 2017-06-06 19:44:49 +03:00			`(allow default)`

			`; Disallow creating setuid/setgid binaries, since that`
			`; would allow breaking build user isolation.`
			`(deny file-write-setugid)`